Phil Zimmermann's post-PGP project: privacy for a price

Phil Zimmermann released PGP for free, but he's planning to charge about $20 a month for his new Silent Circle encryption service. It's unlikely to be applauded by encryption-wary law enforcement agencies.

He rocketed to privacy stardom over two decades ago with the release of PGP, the first widely available program that made it easy to encrypt e-mail. Now Phil Zimmermann wants to do the same thing for phone calls.

Zimmermann's new company, Silent Circle, plans to release a beta version of an iPhone and Android app in late July that encrypts phone calls and other communications. A final version is scheduled to follow in late September.

This time around, Zimmermann is facing not the possibility of prison time on charges of violating encryption export laws, but a more traditional challenge: convincing would-be users that protecting their privacy is worth paying Silent Circle something like $20 a month.

"I'm not going to apologize for the cost," Zimmermann told CNET, adding that the final price has not been set. "This is not Facebook. Our customers are customers. They're not products. They're not part of the inventory."

Silent Circle's planned debut comes amid recent polls suggesting that Internet users remain concerned about online data collection (or at least are willing to tell pollsters so), with Facebook topping health insurers, banks, and even the federal government as today's No. 1 privacy threat. Yet even after a decade of startups that have tried to capitalize on these concerns, consumers spending their own money remain consistently difficult to persuade that paying for privacy is worth it.

Zimmermann hopes to overcome this reluctance by offering a set of services designed from the start to be simple to use: encrypted e-mail, encrypted phone calls, and encrypted instant messaging. (Encrypted SMS text messages are eventually planned too.)

"We're going after target markets that have a special need for this," Zimmermann said. "For example, U.S. military serving overseas that wish to speak to their families."

One sales pitch unique to Silent Circle is Zimmermann's own history of high-profile support for civil liberties that recently placed him in the Internet Hall of Fame, including spending four years under threat of criminal indictment for releasing PGP in the early 1990s. At the time, encryption software was regulated as a munition, meaning unlicensed export could be a federal felony. Zimmermann later founded PGP Inc., now owned by Symantec.

Symantec has focused far more on selling PGP-branded products to corporations, not individuals. Symantec's Web page for PGP Whole Disk Encryption, for instance, boasts that the utility "provides organizations with comprehensive, high performance full disk encryption" to protect "customer and partner data."

PGP "moved too far away from individual users," Zimmermann says. "It was geared so heavily toward enterprise that I felt it was hard to use for ordinary people. That was kind of sad. My original intent was individuals. Now I get to go back to individuals again."

Silent Circle's app will securely scramble conversations -- using end-to-end encryption and the ZRTP protocol -- between two people if both are using its software. If only one person has the app, the connection will be scrambled only to Silent Circle's servers, which could still be valuable for overseas users worried less about the FBI and more about their own government eavesdroppers.

"We will have a Windows PC and a Mac version as well," says Zimmermann, who after selling PGP founded a now-defunct startup called Zfone. "We don't have that now. For our beta, we're just going to have the smartphones, iOS and Android. We'll have the other platforms for the real release."

Law enforcement, which warns that tech advances have made it far more difficult to wiretap Americans suspected of illegal activities, is unlikely to applaud Zimmermann's new venture. As CNET reported last month, the FBI has drafted a proposed law that would require providers of VoIP, instant messaging, and Web e-mail to alter their code to ensure their products are wiretap-friendly by building in backdoors for government surveillance.

"If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding" as long as it reaches the threshold for a minimum number of users, an industry representative who reviewed the FBI's draft legislation said.

The FBI's proposal would amend a 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), which currently applies only to telecommunications providers, not Web or peer-to-peer VoIP companies. The Federal Communications Commission extended CALEA in 2004 to sweep in broadband networks and VoIP providers such as Vonage (which uses the telephone network) but not Skype-to-Skype calls (which are peer-to-peer).

Depending on the final wording, the legislation could target Silent Circle -- meaning that, 21 years after he released PGP, Phil Zimmermann has not lost his knack for vexing the U.S. government.

About the author

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.